-
Notifications
You must be signed in to change notification settings - Fork 299
190 lines (160 loc) · 6.37 KB
/
publish.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
name: "publish"
# change this when ready to release if you want CI/CD
on: workflow_dispatch
env:
CN_APPLICATION: cap/cap
APP_CARGO_TOML: apps/desktop/src-tauri/Cargo.toml
SENTRY_ORG: cap-s2
SENTRY_PROJECT: cap-desktop
jobs:
draft:
runs-on: ubuntu-latest
outputs:
version: ${{ steps.read_version.outputs.value }}
needs_release: ${{ steps.create_tag.outputs.tag_existed != 'true' }}
permissions:
contents: write
steps:
- uses: actions/checkout@v4
- name: Read version number
uses: SebRollen/[email protected]
id: read_version
with:
file: ${{ env.APP_CARGO_TOML }}
field: "package.version"
- name: Create tag
id: create_tag
if: ${{ steps.create_tag.outputs.tag_existed != 'true' }}
uses: actions/github-script@v7
with:
script: |
const tag = "cap-v${{ steps.read_version.outputs.value }}";
const tagRef = `tags/${tag}`;
const TAG_EXISTED = "tag_existed";
async function main() {
let tagExisted = true;
try {
await github.rest.git.getRef({
ref: tagRef,
owner: context.repo.owner,
repo: context.repo.repo,
});
tagExisted = true;
core.notice(`Release skipped as tag '${tag}' already exists. Update the version in '${{ env.APP_CARGO_TOML }}' before starting another release.`);
} catch (error) {
if ("status" in error && error.status === 404) tagExisted = false;
else throw error;
}
core.setOutput(TAG_EXISTED, tagExisted);
if (!tagExisted)
await github.rest.git.createRef({
ref: `refs/${tagRef}`,
owner: context.repo.owner,
repo: context.repo.repo,
sha: context.sha,
});
}
main();
- name: Create draft CN release
uses: crabnebula-dev/cloud-release@v0
with:
command: release draft ${{ env.CN_APPLICATION }} ${{ steps.read_version.outputs.value }} --framework tauri
api-key: ${{ secrets.CN_API_KEY }}
- name: Create draft GH release
# TODO: Change to stable version when available
uses: softprops/action-gh-release@v2
with:
draft: true
generate_release_notes: true
build:
needs: draft
if: ${{ needs.draft.outputs.needs_release == 'true' }}
permissions:
contents: write
runs-on: macos-latest
strategy:
fail-fast: false
matrix:
settings:
- target: x86_64-apple-darwin
prebuild: x86_64
- target: aarch64-apple-darwin
prebuild: aarch64
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Create API Key File
run: echo "${{ secrets.APPLE_API_KEY_FILE }}" > api.p8
- uses: apple-actions/import-codesign-certs@v2
with:
p12-file-base64: ${{ secrets.APPLE_CERTIFICATE }}
p12-password: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
- name: Verify certificate
run: security find-identity -v -p codesigning ${{ runner.temp }}/build.keychain
- name: Rust setup
uses: dtolnay/rust-toolchain@stable
with:
targets: ${{ matrix.settings.target }}
- name: Rust cache
uses: swatinem/rust-cache@v2
with:
shared-key: ${{ matrix.settings.target }}
- name: Setup pnpm
uses: pnpm/action-setup@v4
with:
version: 9.8.0
- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: "20"
cache: pnpm
- name: Install dependencies
run: pnpm install
- name: Create .env file in root
run: |
echo "appVersion=${{ needs.draft.outputs.version }}" >> .env
echo "CAP_DESKTOP_SENTRY_URL=https://6a3b6a09e6ae976c2ad6fff710e88748@o4506859771527168.ingest.us.sentry.io/4508330917101568" >> .env
echo "NEXT_PUBLIC_URL=${{ secrets.NEXT_PUBLIC_URL }}" >> .env
echo 'NEXTAUTH_URL=${NEXT_PUBLIC_URL}' >> .env
echo 'VITE_SERVER_URL=${NEXT_PUBLIC_URL}' >> .env
echo "NEXT_PUBLIC_CAP_AWS_REGION=${{ secrets.NEXT_PUBLIC_CAP_AWS_REGION }}" >> .env
echo "NEXT_PUBLIC_CAP_AWS_BUCKET=${{ secrets.NEXT_PUBLIC_CAP_AWS_BUCKET }}" >> .env
- name: Copy .env to apps/desktop
run: cp .env apps/desktop/.env
- name: Output .env file
run: cat apps/desktop/.env
- name: Cargo clean
run: cargo clean
- name: Build macOS apps
working-directory: apps/desktop
run: |
export TARGET_TRIPLE=${{ matrix.settings.target }}
node ${{ github.workspace }}/.github/prebuild.js darwin ${{ matrix.settings.prebuild }}
pnpm tauri build --target ${{ matrix.settings.target }} --config src-tauri/tauri.conf.prod.json
env:
# https://github.com/tauri-apps/tauri-action/issues/740
CI: false
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# codesigning
APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }}
APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
APPLE_SIGNING_IDENTITY: ${{ secrets.APPLE_SIGNING_IDENTITY }}
# notarization
APPLE_API_ISSUER: ${{ secrets.APPLE_API_ISSUER }}
APPLE_API_KEY: ${{ secrets.APPLE_API_KEY }}
APPLE_API_KEY_PATH: ${{ github.workspace }}/api.p8
APPLE_KEYCHAIN: ${{ runner.temp }}/build.keychain
TAURI_SIGNING_PRIVATE_KEY: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY }}
TAURI_SIGNING_PRIVATE_KEY_PASSWORD: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY_PASSWORD }}
- name: Upload assets
uses: crabnebula-dev/cloud-release@v0
with:
command: release upload ${{ env.CN_APPLICATION }} "${{ needs.draft.outputs.version }}" --framework tauri
api-key: ${{ secrets.CN_API_KEY }}
- name: Upload debug symbols to Sentry
env:
SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
working-directory: target
run: |
curl -sL https://sentry.io/get-cli/ | bash
sentry-cli debug-files upload -o ${{ env.SENTRY_ORG }} -p ${{ env.SENTRY_PROJECT }} Cap.dSYM